I have spring security in place and login via login.jsp works perfectly fine.
Now, I have to automatically get the user logged in based on the URL (similar to Single Sign On). I basically have a path parameter in the URL which is basically an encrypted code, I process this code to do an auto login.
I am modifying my LoginController to check if I have a valid path param using which I get my username & password, using this username & password I am doing "forward:/j_spring_security_check?j_username="+username+"&j_password="+password
This directs me to login.jsp with following error Your login attempt was not successful, try again. Caused : Authentication method not supported: GET
I have also tried with "redirect:/j_spring_security_check?j_username="+username+"&j_password="+password
but with no help.
Call to /j_spring_security_check
is a POST
but forward:
& redirect:
is doing a GET
, so how can I dispatch to /j_spring_security_check
as POST
from my LoginController?
Thanks
/j_spring_security_check
URL is mapped to UsernamePasswordAuthenticationFilter
to serve the requests.
In UsernamePasswordAuthenticationFilter
, by default, the postOnly
is set to true
.
The following change in spring-security.xml
which sets postOnly
to false
worked.
<bean id="authenticationFilter"
class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter"
p:postOnly="false" />
Also, in web.xml
, the following configuration is required:
<filter-mapping> <filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
<dispatcher>FORWARD</dispatcher>
</filter-mapping>
You could bypass the check by using a request wrapper which returns "POST" instead of "GET" for getMethod
.
However, the check is there for a reason. It is generally considered bad practice to send credentials as URL parameters. Even if you are using an encrypted parameter, it is still technically equivalent to sending unencrypted authentication credentials since anyone who steals it can use it to authenticate.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With